Sciweavers

EUROCRYPT
2000
Springer

Security Analysis of the Gennaro-Halevi-Rabin Signature Scheme

14 years 3 months ago
Security Analysis of the Gennaro-Halevi-Rabin Signature Scheme
We exhibit an attack against a signature scheme recently proposed by Gennaro, Halevi and Rabin [9]. The scheme's security is based on two assumptions namely the strong RSA assumption and the existence of a division-intractable hash-function. For the latter, the authors conjectured a security level exponential in the hash-function's digest size whereas our attack is sub-exponential with respect to the digest size. Moreover, since the new attack is optimal, the length of the hash function can now be rigorously fixed. In particular, to get a security level equivalent to 1024-bit RSA, one should use a digest size of approximately 1024 bits instead of the 512 bits suggested in [9]. Keywords. Gennaro-Halevi-Rabin signature scheme, Strong RSA problem, division intractability.
Jean-Sébastien Coron, David Naccache
Added 24 Aug 2010
Updated 24 Aug 2010
Type Conference
Year 2000
Where EUROCRYPT
Authors Jean-Sébastien Coron, David Naccache
Comments (0)